I've been testing IDP 3.4.0 snapshots, and I'm finding that parts of the signature and encrypted data in the response include XML-encoded carriage returns. It seems not unlike an issue addressed a few years ago https://issues.shibboleth.net/jira/browse/JSPT-50 but in a different area of the XML. I work with at least one SP will break on this if it remains in 3.4. Is there something I can do to prevent the
being generated? I'm unfamiliar with the codebase and haven't yet tracked down where they're introduced.
Sorry if this should go to another list. I can't tell where it's best to send questions about unreleased versions.
SAML response example, with some "..." abbreviations:
> Sorry if this should go to another list. I can't tell where it's best to send
> questions about unreleased versions.
dev or just file a bug.
Santuario changed the line ending in the base64 encoder back in 2.0.7, and V3.3 of the IdP is on 2.0.5 so we haven't had to address the issue yet in a shipping version.
I believe Colm either reverted the change or added a property to control it and one way or the other by the time we ship it will likely be doing what it did before, but you should file a bug against 3.4 and mark it Blocker so it isn't forgotten.
That said, if we had shipped this, we would be within our rights. That SP is broken and we don't make working around such bugs a priority.